From 5fd399b7862e69e170bc9d7313c3ce9b5ee33035 Mon Sep 17 00:00:00 2001 From: dlicheva Date: Tue, 16 Sep 2025 15:28:20 +0100 Subject: [PATCH 1/2] add kics docs --- docs/reference/components/kics.md | 53 +++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 docs/reference/components/kics.md diff --git a/docs/reference/components/kics.md b/docs/reference/components/kics.md new file mode 100644 index 0000000..f235dee --- /dev/null +++ b/docs/reference/components/kics.md @@ -0,0 +1,53 @@ +--- +sidebar_custom_props: + icon: "/img/components/kics.svg" +title: 'Kics' +description: 'Scanner for Infrastructure as code.' +--- + +# Kics + +This component runs [Kics](https://kics.io/index.html) by CheckMarx to scan +infrastructure as code. + +## How to use with Smithy + +### Open-Source + +1. Add the component to the workflow + +```yaml +# file: ./my-workflow/workflow.yaml +description: Kics workflow +name: kics +components: + - component: ghcr.io/smithy-security/smithy/images/components/targets/git-clone:v1.3.4 + - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/kics:v1.1.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.2 +``` + +2. Configure the run parameters of the component in the overrides file + +```yaml +# file: ./my-workflow/overrides.yaml +git-clone: + - name: "repo_url" + type: "string" + value: "https://github.com/0c34/govwa.git" + - name: "reference" + type: "string" + value: "master" +``` + +### SaaS + +1. In the Smithy UI, open the page to create a new workflow. +2. Add a an advanced git or github target and configure it to point to a repository with the + source code for a golang application. +3. Find Kics in the Scanners dropdown. Click to add it to the workflow. +4. Run the workflow as normal. + +## Options + +This component does not accept options. From 75e71151fa564437cd2581d71b2e9a4f6b7764d5 Mon Sep 17 00:00:00 2001 From: dlicheva Date: Tue, 16 Sep 2025 15:28:32 +0100 Subject: [PATCH 2/2] order component docs alphabetically --- docs/reference/components/bandit.md | 3 +- .../components/battlecard-printer.md | 1 - docs/reference/components/cdxgen.md | 37 ++++++----- docs/reference/components/codeql.md | 25 ++++---- docs/reference/components/credo.md | 1 - .../reference/components/custom-annotation.md | 3 +- .../components/data-enricher-frontend.md | 1 - docs/reference/components/defect-dojo.md | 1 - docs/reference/components/discord.md | 3 +- docs/reference/components/elasticsearch.md | 43 ++++++------- docs/reference/components/exploit-exists.md | 3 +- docs/reference/components/git-clone.md | 1 - .../components/git-intel-enricher.md | 1 - .../components/github-pr-commenter.md | 1 - docs/reference/components/gosec.md | 25 ++++---- docs/reference/components/image-get.md | 3 +- docs/reference/components/jira.md | 3 +- docs/reference/components/json-logger.md | 3 +- docs/reference/components/kafka.md | 64 +++++++++++-------- docs/reference/components/linear.md | 3 +- docs/reference/components/mobsfscan.md | 3 +- docs/reference/components/nancy.md | 1 - docs/reference/components/osv-scanner.md | 1 - docs/reference/components/pdf.md | 11 ++-- docs/reference/components/reachability.md | 3 +- docs/reference/components/s3.md | 3 +- docs/reference/components/semgrep.md | 3 +- docs/reference/components/sentry.md | 1 - docs/reference/components/slack.md | 7 +- docs/reference/components/snyk.md | 7 +- docs/reference/components/sobelow.md | 1 - docs/reference/components/sonarqube.md | 3 +- .../components/source-code-artifact.md | 26 ++++---- docs/reference/components/trivy.md | 3 +- docs/reference/components/trufflehog.md | 3 +- docs/reference/components/zaproxy.md | 1 - 36 files changed, 139 insertions(+), 163 deletions(-) diff --git a/docs/reference/components/bandit.md b/docs/reference/components/bandit.md index 1787a99..a2d339d 100644 --- a/docs/reference/components/bandit.md +++ b/docs/reference/components/bandit.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/python-bandit.png" + icon: "/img/components/python-bandit.png" title: 'Bandit' description: 'SAST scanner that analyses Python source code to look for security issues.' -sidebar_position: 3 --- # Bandit diff --git a/docs/reference/components/battlecard-printer.md b/docs/reference/components/battlecard-printer.md index 242b60e..5f5fd07 100644 --- a/docs/reference/components/battlecard-printer.md +++ b/docs/reference/components/battlecard-printer.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/battlecard-printer.svg" title: 'Battlecard Printer' description: 'A reporter that prints a summary of items found during the scan' -sidebar_position: 3 --- # Battlecard Printer diff --git a/docs/reference/components/cdxgen.md b/docs/reference/components/cdxgen.md index 66985fe..6049961 100644 --- a/docs/reference/components/cdxgen.md +++ b/docs/reference/components/cdxgen.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/cdxgen.svg" + icon: "/img/components/cdxgen.svg" title: 'CDXGen' description: 'Scanner component that generates a CycloneDX SBOM from source code.' -sidebar_position: 5 --- # CDXGEN @@ -28,8 +27,8 @@ This component does not do anything else currently. description: Workflow scanning with cdxgen name: cdxgen components: -- component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/cdxgen:v1.2.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/cdxgen:v1.2.2 ``` 2. Configure the run parameters of the component in the overrides file @@ -37,22 +36,22 @@ components: ```yaml # file: ./my-workflow/overrides.yaml git-clone: -- name: "repo_url" - type: "string" - value: "https://github.com/sqreen/go-dvwa" + - name: "repo_url" + type: "string" + value: "https://github.com/sqreen/go-dvwa" cdxgen: -- name: "backend_server_url" - type: "string" - value: "" -- name: "api_key" - type: "string" - value: "" -- name: "project_name" - type: "string" - value: "" -- name: "project_version" - type: "string" - value: "" + - name: "backend_server_url" + type: "string" + value: "" + - name: "api_key" + type: "string" + value: "" + - name: "project_name" + type: "string" + value: "" + - name: "project_version" + type: "string" + value: "" ``` ### SaaS diff --git a/docs/reference/components/codeql.md b/docs/reference/components/codeql.md index aa335f4..59c9eef 100644 --- a/docs/reference/components/codeql.md +++ b/docs/reference/components/codeql.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/codeql.svg" + icon: "/img/components/codeql.svg" title: 'CodeQL' description: 'Scanner that runs Github CodeQL SAST.' -sidebar_position: 5 --- # CodeQL @@ -22,11 +21,11 @@ The default CodeQL rules for each language are used to scan. description: Workflow scanning with codeql name: codeql components: -- component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/codeql:v1.3.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/nancy:v1.2.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/codeql:v1.3.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/nancy:v1.2.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.2 ``` 2. Configure the run parameters of the component in the overrides file @@ -34,12 +33,12 @@ components: ```yaml # file: ./my-workflow/overrides.yaml git-clone: -- name: "repo_url" - type: "string" - value: "https://github.com/0c34/govwa.git" -- name: "reference" - type: "string" - value: "master" + - name: "repo_url" + type: "string" + value: "https://github.com/0c34/govwa.git" + - name: "reference" + type: "string" + value: "master" ``` ### SaaS diff --git a/docs/reference/components/credo.md b/docs/reference/components/credo.md index 4f78359..64cc1ae 100644 --- a/docs/reference/components/credo.md +++ b/docs/reference/components/credo.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/credo.svg" title: 'Credo' description: 'Elixir static code analysis with Credo.' -sidebar_position: 3 --- # Credo diff --git a/docs/reference/components/custom-annotation.md b/docs/reference/components/custom-annotation.md index 4788eac..71f5ccd 100644 --- a/docs/reference/components/custom-annotation.md +++ b/docs/reference/components/custom-annotation.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/smithy.svg" + icon: "/img/components/smithy.svg" title: 'Custom Annotation' description: 'Enricher component that adds a custom annotation to findings. Mainly used for testing.' -sidebar_position: 16 --- # Custom Annotation diff --git a/docs/reference/components/data-enricher-frontend.md b/docs/reference/components/data-enricher-frontend.md index 9ed589d..2eacc8a 100644 --- a/docs/reference/components/data-enricher-frontend.md +++ b/docs/reference/components/data-enricher-frontend.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/smithy.svg" title: "Data Enricher" description: "Enricher component that adds details and deduplicates issues." -sidebar_position: 16 --- # Data Enricher - deduplication diff --git a/docs/reference/components/defect-dojo.md b/docs/reference/components/defect-dojo.md index e53180d..0e4632d 100644 --- a/docs/reference/components/defect-dojo.md +++ b/docs/reference/components/defect-dojo.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/defectdojo.svg" title: 'Defect Dojo' description: 'Reporter that pushes findings to a DefectDojo instance.' -sidebar_position: 18 --- # Defect Dojo diff --git a/docs/reference/components/discord.md b/docs/reference/components/discord.md index 2cb431c..1aba0c3 100644 --- a/docs/reference/components/discord.md +++ b/docs/reference/components/discord.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/discord.svg" + icon: "/img/components/discord.svg" title: 'Discord' description: 'Discord reporter that sends messages to Discord.' -sidebar_position: 17 --- # Discord diff --git a/docs/reference/components/elasticsearch.md b/docs/reference/components/elasticsearch.md index 8f56d50..8808b7c 100644 --- a/docs/reference/components/elasticsearch.md +++ b/docs/reference/components/elasticsearch.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/elasticsearch.svg" + icon: "/img/components/elasticsearch.svg" title: 'ElasticSearch' description: 'Reporter that pushes findings to an ElasticSearch instance.' -sidebar_position: 14 --- # ElasticSearch @@ -22,11 +21,11 @@ about ElasticSearch [here](https://kagi.com/search?q=elasticsearch). description: Workflow reporting to elasticsearch name: elasticsearch components: -- component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/gosec:v1.2.3 -- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/nancy:v1.2.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/reporters/elasticsearch:v1.0.1 + - component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/gosec:v1.2.3 + - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/nancy:v1.2.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/reporters/elasticsearch:v1.0.1 ``` @@ -36,22 +35,22 @@ components: ```yaml # file: ./my-workflow/overrides.yaml git-clone: -- name: "repo_url" - type: "string" - value: "https://github.com/sqreen/go-dvwa" -- name: "reference" - type: "string" - value: "master" + - name: "repo_url" + type: "string" + value: "https://github.com/sqreen/go-dvwa" + - name: "reference" + type: "string" + value: "master" elasticsearch: -- name: "elasticsearch_url" - type: "string" - value: "Your ES URL here" -- name: "elasticsearch_index" - type: "string" - value: "Any Index" -- name: "elasticsearch_api_key" - type: "string" - value: "An API Key with the rights to read cluster and write indexes" + - name: "elasticsearch_url" + type: "string" + value: "Your ES URL here" + - name: "elasticsearch_index" + type: "string" + value: "Any Index" + - name: "elasticsearch_api_key" + type: "string" + value: "An API Key with the rights to read cluster and write indexes" ``` *Warning*: You need to configure secrets and other parameters for elasticsearch diff --git a/docs/reference/components/exploit-exists.md b/docs/reference/components/exploit-exists.md index 4c93739..c621a66 100644 --- a/docs/reference/components/exploit-exists.md +++ b/docs/reference/components/exploit-exists.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/smithy.svg" + icon: "/img/components/smithy.svg" title: 'Exploit Finder' description: 'SaaS-Only Enricher component that adds an annotation and a filter if it can find an exploit for the given CVE' -sidebar_position: 16 --- # Exploit Finder diff --git a/docs/reference/components/git-clone.md b/docs/reference/components/git-clone.md index 4f3d969..5d27e58 100644 --- a/docs/reference/components/git-clone.md +++ b/docs/reference/components/git-clone.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/git-clone.svg" title: 'Git Clone' description: 'Source component that shallow clones a repository for scanning' -sidebar_position: 1 --- # Git Clone diff --git a/docs/reference/components/git-intel-enricher.md b/docs/reference/components/git-intel-enricher.md index 58eda7c..1d9aaa0 100644 --- a/docs/reference/components/git-intel-enricher.md +++ b/docs/reference/components/git-intel-enricher.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/github.svg" title: 'Git Intelligence Enricher' description: 'Enricher component adds Git Intelligence Enrichments to findings, so they can be better deduplicated.' -sidebar_position: 19 --- # Git Intelligence Enricher diff --git a/docs/reference/components/github-pr-commenter.md b/docs/reference/components/github-pr-commenter.md index 8f253e7..7a69ab4 100644 --- a/docs/reference/components/github-pr-commenter.md +++ b/docs/reference/components/github-pr-commenter.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/github.svg" title: 'GitHub PR Commenter' description: 'Reporter that comments on GitHub PRs with findings in changed lines.' -sidebar_position: 15 --- # GitHub PR Commenter diff --git a/docs/reference/components/gosec.md b/docs/reference/components/gosec.md index 12489bd..4eb9322 100644 --- a/docs/reference/components/gosec.md +++ b/docs/reference/components/gosec.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/golang-gosec.png" + icon: "/img/components/golang-gosec.png" title: 'Gosec' description: 'Scanner that runs the Gosec SAST for Go.' -sidebar_position: 5 --- # Gosec @@ -19,11 +18,11 @@ This scanner component runs the popular open source SAST Gosec. description: Workflow scanning with gosec name: gosec components: -- component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/gosec:v1.2.3 -- component: ghcr.io/smithy-security/smithy/manifests/components/scanners/nancy:v1.2.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2 -- component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/targets/git-clone:v1.3.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/gosec:v1.2.3 + - component: ghcr.io/smithy-security/smithy/manifests/components/scanners/nancy:v1.2.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/enrichers/custom-annotation:v0.1.2 + - component: ghcr.io/smithy-security/smithy/manifests/components/reporters/json-logger:v1.0.2 ``` 2. Configure the run parameters of the component in the overrides file @@ -31,12 +30,12 @@ components: ```yaml # file: ./my-workflow/overrides.yaml git-clone: -- name: "repo_url" - type: "string" - value: "https://github.com/0c34/govwa.git" -- name: "reference" - type: "string" - value: "master" + - name: "repo_url" + type: "string" + value: "https://github.com/0c34/govwa.git" + - name: "reference" + type: "string" + value: "master" ``` ### SaaS diff --git a/docs/reference/components/image-get.md b/docs/reference/components/image-get.md index afe486c..ab244bf 100644 --- a/docs/reference/components/image-get.md +++ b/docs/reference/components/image-get.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/image-get.svg" + icon: "/img/components/image-get.svg" title: 'Image Get' description: 'Source component that downloads a remote (OCI) container image for scanning' -sidebar_position: 1 --- # Image Get diff --git a/docs/reference/components/jira.md b/docs/reference/components/jira.md index c183f73..81f0bbd 100644 --- a/docs/reference/components/jira.md +++ b/docs/reference/components/jira.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/jira.svg" + icon: "/img/components/jira.svg" title: 'Jira' description: 'Jira reporter that opens formatted issues for every non-filtered finding.' -sidebar_position: 17 --- # Jira diff --git a/docs/reference/components/json-logger.md b/docs/reference/components/json-logger.md index d9c4cd6..6cea0c2 100644 --- a/docs/reference/components/json-logger.md +++ b/docs/reference/components/json-logger.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/stdout-json.svg" + icon: "/img/components/stdout-json.svg" title: 'JSON Logger' description: 'Reporter component that prints findings to stdout in JSON format.' -sidebar_position: 16 --- # JSON Logger diff --git a/docs/reference/components/kafka.md b/docs/reference/components/kafka.md index e5aef8e..5022dd5 100644 --- a/docs/reference/components/kafka.md +++ b/docs/reference/components/kafka.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/kafka.svg" title: 'Kafka' description: 'Kafka reporter that publishes OCSF findings in protobuf format to a configured Kafka topic or uploads them to S3 and notifies via Kafka.' -sidebar_position: 18 --- # Kafka @@ -17,11 +16,13 @@ The component supports both secure and insecure Kafka connections, with options The component supports two distinct reporting modes: **kafka mode:** + - Reports each individual finding as a separate Kafka message - Provides real-time streaming of findings as they are discovered - Suitable for scenarios requiring immediate processing of individual findings **s3-kafka mode (default):** + - Uploads all findings as a single blob to S3 - Sends one Kafka message containing metadata about the uploaded blob - Reduces Kafka message volume and provides efficient batch processing @@ -79,12 +80,14 @@ kafka: The component supports two mutually exclusive connection methods: **Direct Broker Addresses:** + ```yaml kafka_addresses: "broker1:9092,broker2:9092,broker3:9092" kafka_broker_srv_record: "" # Must be empty ``` **SRV Record Discovery:** + ```yaml kafka_broker_srv_record: "_kafka._tcp.example.com" kafka_addresses: "" # Must be empty @@ -101,29 +104,30 @@ kafka_tls_ca_file_path: "/path/to/ca-cert.pem" kafka_tls_client_key_file_path: "/path/to/client-key.pem" ``` -**Note:** The application expects certificate files to be present on the filesystem and accessible at the specified paths. +**Note: +** The application expects certificate files to be present on the filesystem and accessible at the specified paths. ## Options You can configure this component with the following options. The options that have a default value are optional: -| Option Name | Description | Default | Type | -|------------------------------------|---------------------------------------------------------------------------------------------------------------------------|-------------------------------|--------| -| **[Required]** kafka_topic | Topic where messages are published | | String | -| kafka_addresses | Comma-separated broker addresses (mutually exclusive with SRV record) | | String | -| kafka_broker_srv_record | SRV record for broker discovery (mutually exclusive with addresses) | | String | -| kafka_version | Kafka protocol version (e.g., "2.8.0"). If empty, client negotiates with broker | | String | -| kafka_client_id | Producer client identifier for broker logs | smithy-kafka-reporter | String | -| kafka_producer_message_key_id | Custom message key ID. If empty, instance_id is used in s3-kafka flow and finding_id is used in kafka flow | | String | -| kafka_tls_enabled | Enable TLS encryption | false | String | -| kafka_tls_client_cert_file_path | Path to client certificate file (required if TLS enabled) | /etc/ssl/certs/app/client.crt | String | -| kafka_tls_ca_file_path | Path to CA certificate file (required if TLS enabled) | /etc/ssl/certs/app/ca.crt | String | -| kafka_tls_client_key_file_path | Path to private key file (required if TLS enabled) | /etc/ssl/certs/app/client.key | String | -| kafka_send_max_retries | Maximum send retries (0 uses Kafka defaults) | 0 | String | -| reporter_type | Reporting mode: "kafka" or "s3-kafka" | s3-kafka | String | -| artifact_registry_url | S3 endpoint URL (required for s3-kafka mode) | | String | -| artifact_registry_access_secret | S3 access secret (required for s3-kafka mode) | | String | -| artifact_registry_access_key_id | S3 access key ID (required for s3-kafka mode) | | String | +| Option Name | Description | Default | Type | +|---------------------------------|------------------------------------------------------------------------------------------------------------|-------------------------------|--------| +| **[Required]** kafka_topic | Topic where messages are published | | String | +| kafka_addresses | Comma-separated broker addresses (mutually exclusive with SRV record) | | String | +| kafka_broker_srv_record | SRV record for broker discovery (mutually exclusive with addresses) | | String | +| kafka_version | Kafka protocol version (e.g., "2.8.0"). If empty, client negotiates with broker | | String | +| kafka_client_id | Producer client identifier for broker logs | smithy-kafka-reporter | String | +| kafka_producer_message_key_id | Custom message key ID. If empty, instance_id is used in s3-kafka flow and finding_id is used in kafka flow | | String | +| kafka_tls_enabled | Enable TLS encryption | false | String | +| kafka_tls_client_cert_file_path | Path to client certificate file (required if TLS enabled) | /etc/ssl/certs/app/client.crt | String | +| kafka_tls_ca_file_path | Path to CA certificate file (required if TLS enabled) | /etc/ssl/certs/app/ca.crt | String | +| kafka_tls_client_key_file_path | Path to private key file (required if TLS enabled) | /etc/ssl/certs/app/client.key | String | +| kafka_send_max_retries | Maximum send retries (0 uses Kafka defaults) | 0 | String | +| reporter_type | Reporting mode: "kafka" or "s3-kafka" | s3-kafka | String | +| artifact_registry_url | S3 endpoint URL (required for s3-kafka mode) | | String | +| artifact_registry_access_secret | S3 access secret (required for s3-kafka mode) | | String | +| artifact_registry_access_key_id | S3 access key ID (required for s3-kafka mode) | | String | ## Data Format @@ -135,19 +139,20 @@ You can find the OCSF schema [here](https://github.com/smithy-security/smithy/tr ```go import ( - ocsf "github.com/smithy-security/smithy/sdk/gen/ocsf_schema/v1" - "google.golang.org/protobuf/proto" +ocsf "github.com/smithy-security/smithy/sdk/gen/ocsf_schema/v1" +"google.golang.org/protobuf/proto" ) var finding ocsf.VulnerabilityFinding if err := proto.Unmarshal(rawMessageValueBytes, &finding); err != nil { - // handle error +// handle error } ``` ### S3-Kafka Mode In s3-kafka mode, the component: + 1. Uploads all findings as a tar archive of protobuf blobs to the configured S3 location 2. Sends one Kafka message containing metadata about the uploaded blob @@ -157,13 +162,13 @@ You can deserialise the information in each message with the following snippet: ```go import ( - v1 "github.com/smithy-security/private-components/reporters/kafka/proto/gen/v1" - "google.golang.org/protobuf/proto" +v1 "github.com/smithy-security/private-components/reporters/kafka/proto/gen/v1" +"google.golang.org/protobuf/proto" ) var event v1.InstanceCompletedEvent if err := proto.Unmarshal(rawMessageValueBytes, &event); err != nil { - // handle error +// handle error } ``` @@ -171,10 +176,10 @@ if err := proto.Unmarshal(rawMessageValueBytes, &event); err != nil { The following Kafka headers are populated: -| Key | Populated when | Description | -|---------------|------------------------------|-----------------------------------------------------------------------------------------------------------------------------| +| Key | Populated when | Description | +|---------------|-------------------------------|-----------------------------------------------------------------------------------------------------------------------------| | `instance_id` | mode is `kafka` or `s3-kafka` | Smithy's instance id for each run. This is a UUID and will be the same for all findings published in the same reporter run. | -| `finding_id` | mode is `kafka` | Incrementing integer that uniquely identifies each finding (kafka mode only). | +| `finding_id` | mode is `kafka` | Incrementing integer that uniquely identifies each finding (kafka mode only). | ## Producer Configuration @@ -190,16 +195,19 @@ These settings prioritize data consistency and delivery guarantees over throughp ## Troubleshooting **Connection Issues:** + - Verify broker addresses are correct and accessible - Check that the specified Kafka topic exists - Ensure firewall rules allow connections on the specified ports **TLS Issues:** + - Verify certificate files exist at the specified paths - Ensure certificate files are readable by the application - Check that certificates are not expired **S3-Kafka Mode Issues:** + - Verify S3 credentials and permissions - Check that the S3 bucket exists and is accessible - Ensure proper IAM permissions for S3 operations \ No newline at end of file diff --git a/docs/reference/components/linear.md b/docs/reference/components/linear.md index bfbd205..a101198 100644 --- a/docs/reference/components/linear.md +++ b/docs/reference/components/linear.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/linear.svg" + icon: "/img/components/linear.svg" title: 'Linear' description: 'Linear reporter that opens issues on Linear based on the given findings.' -sidebar_position: 17 --- # Linear diff --git a/docs/reference/components/mobsfscan.md b/docs/reference/components/mobsfscan.md index dce60d2..46a5bda 100644 --- a/docs/reference/components/mobsfscan.md +++ b/docs/reference/components/mobsfscan.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/mobsf.svg" + icon: "/img/components/mobsf.svg" title: 'MobSF Scan' description: 'SAST Scanner for mobile applications.' -sideba\_position: 5 --- # MobSF Scan diff --git a/docs/reference/components/nancy.md b/docs/reference/components/nancy.md index 45fabb1..e7fbe9d 100644 --- a/docs/reference/components/nancy.md +++ b/docs/reference/components/nancy.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/nancy.svg" title: 'Nancy' description: 'Dependency Scanner for Go.' -sidebar_position: 5 --- # Nancy diff --git a/docs/reference/components/osv-scanner.md b/docs/reference/components/osv-scanner.md index 2b8c85c..2e546dc 100644 --- a/docs/reference/components/osv-scanner.md +++ b/docs/reference/components/osv-scanner.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/osv-scanner.svg" title: 'OSV Scanner' description: 'Scanner that runs the OSV Scanner on your dependencies.' -sidebar_position: 5 --- # OSV Scanner diff --git a/docs/reference/components/pdf.md b/docs/reference/components/pdf.md index 4feb200..5482bc5 100644 --- a/docs/reference/components/pdf.md +++ b/docs/reference/components/pdf.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/pdf.svg" + icon: "/img/components/pdf.svg" title: 'PDF document' description: 'Reporter that prints findings into a templated PDF document.' -sidebar_position: 17 --- # PDF document @@ -66,9 +65,9 @@ pdf: You can configure this component with the following options. The options that have a default value are optional: -| Option Name | Description | Default | Type | -|--------------------------------------|-----------------------|---------|--------| +| Option Name | Description | Default | Type | +|------------------------------------------|-----------------------|---------|--------| | **\[Required]** aws\_access\_key\_id | Your S3 access key ID | | String | | **\[Required]** aws\_secret\_access\_key | Your S3 access key | | String | -| **\[Required]** bucket\_name | Your S3 bucket name | | String | -| **\[Required]** bucket\_region | Your S3 bucket region | | String | +| **\[Required]** bucket\_name | Your S3 bucket name | | String | +| **\[Required]** bucket\_region | Your S3 bucket region | | String | diff --git a/docs/reference/components/reachability.md b/docs/reference/components/reachability.md index 0237f48..d37474f 100644 --- a/docs/reference/components/reachability.md +++ b/docs/reference/components/reachability.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/smithy.svg" + icon: "/img/components/smithy.svg" title: 'Reachability' description: 'Enricher component that adds a `reachable` annotation to every finding.' -sidebar_position: 16 --- # Reachability diff --git a/docs/reference/components/s3.md b/docs/reference/components/s3.md index b2236df..120027e 100644 --- a/docs/reference/components/s3.md +++ b/docs/reference/components/s3.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/aws-s3.svg" + icon: "/img/components/aws-s3.svg" title: 'S3 Target' description: 'SaaS-Only Target component that downloads a zip or tar archive from a remote S3 compatible target for unpacking and ingesting' -sidebar_position: 1 --- # S3 Target diff --git a/docs/reference/components/semgrep.md b/docs/reference/components/semgrep.md index ebfad9b..7cab867 100644 --- a/docs/reference/components/semgrep.md +++ b/docs/reference/components/semgrep.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/semgrep.svg" + icon: "/img/components/semgrep.svg" title: 'Semgrep' description: 'Scanner that analyses source code with Semgrep to look for security issues.' -sidebar_position: 6 --- # Semgrep diff --git a/docs/reference/components/sentry.md b/docs/reference/components/sentry.md index b376964..ea70add 100644 --- a/docs/reference/components/sentry.md +++ b/docs/reference/components/sentry.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/sentry.svg" title: 'Sentry' description: 'Sentry reporter that pushes findings to Sentry.' -sidebar_position: 18 --- # Sentry diff --git a/docs/reference/components/slack.md b/docs/reference/components/slack.md index 61f5d18..42cb31c 100644 --- a/docs/reference/components/slack.md +++ b/docs/reference/components/slack.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/slack.svg" + icon: "/img/components/slack.svg" title: 'Slack' description: 'Reporter that pushes findings to a Slack channel.' -sidebar_position: 15 --- # Slack @@ -59,6 +58,6 @@ slack: You can configure this component with the following options: -| Option Name | Description | Default | Type | -|------------------------------|---------------|---------|--------| +| Option Name | Description | Default | Type | +|--------------------------------|---------------|---------|--------| | **\[Required]** slack\_webhook | Slack webhook | | String | diff --git a/docs/reference/components/snyk.md b/docs/reference/components/snyk.md index a04abc2..cef38af 100644 --- a/docs/reference/components/snyk.md +++ b/docs/reference/components/snyk.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/snyk.png" + icon: "/img/components/snyk.png" title: 'Snyk' description: 'Scanner component that scans Repositories and Containers with Snyk.' -sidebar_position: 9 --- # Snyk @@ -64,6 +63,6 @@ snyk: You can configure this component with the following options: -| Option Name | Description | Default | Type | -|---------------------------|--------------|---------|--------| +| Option Name | Description | Default | Type | +|-----------------------------|--------------|---------|--------| | **\[Required]** snyk\_token | Snyk API key | | String | diff --git a/docs/reference/components/sobelow.md b/docs/reference/components/sobelow.md index b1966e4..405ed83 100644 --- a/docs/reference/components/sobelow.md +++ b/docs/reference/components/sobelow.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/sobelow.png" title: 'Sobelow' description: 'Elixir security analysis with Sobelow.' -sidebar_position: 7 --- # Sobelow diff --git a/docs/reference/components/sonarqube.md b/docs/reference/components/sonarqube.md index b80bedd..0ec83c8 100644 --- a/docs/reference/components/sonarqube.md +++ b/docs/reference/components/sonarqube.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/sonarqube.svg" + icon: "/img/components/sonarqube.svg" title: 'SonarQube' description: 'SonarQube scanner that uses SonarQube Cloud Edition to generate findings' -sidebar_position: 17 --- # SonarQube diff --git a/docs/reference/components/source-code-artifact.md b/docs/reference/components/source-code-artifact.md index 3809fd9..fe4c15c 100644 --- a/docs/reference/components/source-code-artifact.md +++ b/docs/reference/components/source-code-artifact.md @@ -3,14 +3,14 @@ sidebar_custom_props: icon: "/img/components/source-code-artifact.svg" title: 'Source Code Artifact' description: 'Target component that downloads and extracts archived source code from various sources.' -sidebar_position: 5 --- # Source Code Artifact Target component that downloads and extracts archived source code from various sources including HTTP endpoints and S3-compatible storage. -The component supports `.zip`, `.tar`, and `.tar.gz` archive formats from multiple protocols and automatically extracts the contents for analysis by downstream components. +The component supports `.zip`, `.tar`, and +`.tar.gz` archive formats from multiple protocols and automatically extracts the contents for analysis by downstream components. ## Supported Sources @@ -84,19 +84,21 @@ source-code-artifact: You can configure this component with the following options: -| Option Name | Description | Default | Type | -|----------------------------------------|--------------------------------------------------|---------|--------| -| **[Required]** artifact_url | URL to the archive file | | String | -| **[Required]** artifact_reference | Branch, tag, or reference identifier | | String | -| artifact_extension | Extension of the artifact | | String | -| artifact_registry_region | AWS region for S3-compatible endpoints | | String | -| auth_id | Auth ID for authentication | | String | -| auth_secret | Secret for authentication | | String | +| Option Name | Description | Default | Type | +|-----------------------------------|----------------------------------------|---------|--------| +| **[Required]** artifact_url | URL to the archive file | | String | +| **[Required]** artifact_reference | Branch, tag, or reference identifier | | String | +| artifact_extension | Extension of the artifact | | String | +| artifact_registry_region | AWS region for S3-compatible endpoints | | String | +| auth_id | Auth ID for authentication | | String | +| auth_secret | Secret for authentication | | String | **Note:** -* For S3-compatible endpoints, `auth_id` and `auth_secret` are used as Access Key ID and Access Key secret. -* For HTTP endpoints, `auth_id` and `auth_secret` are used as username and password for basic authentication. +* For S3-compatible endpoints, `auth_id` and + `auth_secret` are used as Access Key ID and Access Key secret. +* For HTTP endpoints, `auth_id` and + `auth_secret` are used as username and password for basic authentication. Check out guidance [here](https://github.com/smithy-security/smithy/tree/main/components/targets/source-code-artifact) diff --git a/docs/reference/components/trivy.md b/docs/reference/components/trivy.md index 6afac36..3e579f8 100644 --- a/docs/reference/components/trivy.md +++ b/docs/reference/components/trivy.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/trivy.svg" + icon: "/img/components/trivy.svg" title: 'Trivy' description: "Scanner that runs Aquasec's Trivy against a container image." -sidebar_position: 6 --- # Trivy diff --git a/docs/reference/components/trufflehog.md b/docs/reference/components/trufflehog.md index 858db04..e525b75 100644 --- a/docs/reference/components/trufflehog.md +++ b/docs/reference/components/trufflehog.md @@ -1,9 +1,8 @@ --- sidebar_custom_props: - icon: "/img/components/trufflehog.svg" + icon: "/img/components/trufflehog.svg" title: 'Trufflehog' description: 'Scanner that runs the open source secrets scanner `trufflehog`.' -sidebar_position: 2 --- # Trufflehog diff --git a/docs/reference/components/zaproxy.md b/docs/reference/components/zaproxy.md index 88aa5bd..4fc7410 100644 --- a/docs/reference/components/zaproxy.md +++ b/docs/reference/components/zaproxy.md @@ -3,7 +3,6 @@ sidebar_custom_props: icon: "/img/components/zap.svg" title: 'ZAP' description: 'Scanner that runs the Open Source DAST ZAP.' -sidebar_position: 2 --- # ZAP